Tweak the check that a ciphersuite has not changed since the HRR
authorMatt Caswell <matt@openssl.org>
Fri, 16 Jun 2017 09:56:40 +0000 (10:56 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 16 Jun 2017 09:57:59 +0000 (10:57 +0100)
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3623)

ssl/statem/statem_srvr.c

index 0f55d2652d3e21925001419cbfe69128d39adff8..6f578168101e3d98f486fbe44daa10cad577b412 100644 (file)
@@ -1615,8 +1615,9 @@ static int tls_early_post_process_client_hello(SSL *s, int *pal)
             al = SSL_AD_HANDSHAKE_FAILURE;
             goto err;
         }
             al = SSL_AD_HANDSHAKE_FAILURE;
             goto err;
         }
-        if (s->hello_retry_request && s->s3->tmp.new_cipher != NULL
-                && s->s3->tmp.new_cipher->id != cipher->id) {
+        if (s->hello_retry_request
+                && (s->s3->tmp.new_cipher == NULL
+                    || s->s3->tmp.new_cipher->id != cipher->id)) {
             /*
              * A previous HRR picked a different ciphersuite to the one we
              * just selected. Something must have changed.
             /*
              * A previous HRR picked a different ciphersuite to the one we
              * just selected. Something must have changed.